[Dshield] Strange activity..
micheal at cancercare.net
Thu Jun 26 16:04:10 GMT 2003
----- Original Message -----
From: "Ed Truitt" <ed.truitt at etee2k.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, June 26, 2003 9:17 AM
Subject: Re: [Dshield] Strange activity..
> Did you notice any probes against port 3268? I had one day about a
> month ago when someone hit both 389 and 3268, which indicates to me they
> were looking for Win2K Domain Controllers (3268 is the Global Catalog
> port). The day that happened, DShield reported a spike in the number of
> targets/probes, though the # of sources stayed about the same. I
> haven't seen that combination since. Unfortunately, I had my tarpit
> shut down Monday, as I left town on a short vacation
> Ed Truitt
> PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
No traffic to 3268 at all during the scan times. It's only happened that one
day but with the varying sources, I wasn't sure if there was something that
I'd missed or not. Either way, all traffic was denied at the firewall so no
harm done, but it was a bit curious to say the least.
TSG Network Administration
More information about the list